Apple has recently released security updates for iOS, iPadOS, and macOS to address two vulnerabilities that are actively being exploited by hackers. The update comes after Google’s Threat Analysis Group, a team dedicated to investigating government-backed cyberattacks, disclosed the vulnerabilities.
Key Takeaway
Apple has released security updates for iPhone, iPad, and Mac users to address two actively exploited zero-day vulnerabilities in WebKit.
The latest software updates, iOS and iPadOS 17.1.2, and macOS 14.1.2, aim to fix the vulnerabilities found in WebKit, the browser engine powering Safari and other Apple apps. These vulnerabilities allow hackers to remotely inject malicious code, like spyware, into the victim’s device over the internet. It is worth noting that these vulnerabilities are referred to as “zero-days” since the vendor has had no time to address the issue before it is exploited.
Apple’s security advisories stated, “Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” indicating that older iOS versions may have been vulnerable to these attacks. Additionally, a separate update, Safari 17.1.2, was rolled out to address the vulnerabilities for users running older versions of macOS Monterey and macOS Ventura.
As of now, it remains unclear who is exploiting these zero-day vulnerabilities, and Google has not identified any specific malicious actors or governments involved. Both Apple and Google have refrained from sharing further details about the vulnerabilities.
In a related development, Google recently patched its own zero-day vulnerability in Google Chrome, which was also being actively exploited. Google’s security researcher, Maddie Stone, highlighted that the issue was fixed within four days. Similarly, Apple swiftly addressed the bug reported by Google’s researchers in less than a week.
